Skip to content

S0108 netsh

netsh is a scripting utility used to interact with networking components on local or remote systems. 1

Item Value
ID S0108
Associated Names
Type TOOL
Version 1.2
Created 31 May 2017
Last Modified 17 January 2023
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1546 Event Triggered Execution -
enterprise T1546.007 Netsh Helper DLL netsh can be used as a persistence proxy technique to execute a helper DLL when netsh.exe is executed.3
enterprise T1562 Impair Defenses -
enterprise T1562.004 Disable or Modify System Firewall netsh can be used to disable local firewall settings.12
enterprise T1090 Proxy netsh can be used to set up a proxy tunnel to allow remote host access to an infected host.4
enterprise T1518 Software Discovery -
enterprise T1518.001 Security Software Discovery netsh can be used to discover system firewall settings.12

Groups That Use This Software

ID Name References
G0035 Dragonfly 6
G0019 Naikon 7
G0059 Magic Hound 8
G0008 Carbanak 9
G0050 APT32 10
G0032 Lazarus Group 11

References